8 matches found

SUSE CVE
added 2026/06/13 2:17 a.m. | 9 views

SUSE CVE-2026-44250

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

7.5 CVSS | 5.3 AI score | 0.00371 EPSS
Exploits 0 | References 3

Vulnrichment
added 2026/06/11 8:52 p.m. | 8 views

CVE-2026-44890 Netty has Unbounded Direct Memory Consumption in its RedisDecoder

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5 CVSS | 5.2 AI score | 0.00371 EPSS
Exploits 0 | References 3

Snyk
added 2026/06/08 7:1 p.m. | 7 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) in the RedisArrayAggregator function. An attacker can exhaust system memory by sending specially crafted Redis payloads containing deeply nested arrays, resulting in allocation of excessive state objects and...

8.7 CVSS | 5.5 AI score | 0.00371 EPSS
Exploits 0 | References 2

OSV
added 2026/06/08 1:38 p.m. | 17 views

USN-8401-1 netty vulnerabilities

It was discovered that Netty's HTTP proxy handler did not properly validate headers when constructing CONNECT requests. An attacker could possibly use this issue to inject arbitrary HTTP headers into CONNECT requests. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,...

9.8 CVSS | 7 AI score | 0.00818 EPSS
Exploits 6 | References 7

Positive Technologies
added 2026/06/08 12:0 a.m. | 13 views

PT-2026-47543

Summary: An attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Details: io.netty.handler.codec.redis.RedisArrayAggregator...

7.5 CVSS | 5.5 AI score
Exploits 0 | References 5

Tenable Nessus
added 2026/05/14 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-42586

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder RedisEncoder writes...

7.1 CVSS | 7 AI score | 0.00198 EPSS
Exploits 1 | References 3

Cvelist
added 2026/05/13 6:20 p.m. | 46 views

CVE-2026-42586 Netty: CRLF Injection in Netty Redis Codec Encoder

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder RedisEncoder writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF (\r\n) characters. Since the...

6.8 CVSS | 0.00198 EPSS
Exploits 1 | References 1

CVE
added 2026/05/13 6:20 p.m. | 22 views

CVE-2026-42586

CVE-2026-42586 affects Netty up to 4.2.13.Final and 4.1.133.Final where the RedisEncoder writes user-controlled strings to the output buffer without sanitizing CRLF (\r\n). Because RESP uses CRLF as command/response delimiters, an attacker who controls Redis message content can inject arbitrary Red...

7.1 CVSS | 6 AI score | 0.00198 EPSS
Exploits 1 | References 1 | Affected Software 1